In an increasingly digital economy, the supply of talent for cyber roles is no longer meeting demand. Last year, a workforce study projected a shortfall of 1.8 million cyber security workers by 2022, an increase of 20 percent on the 1.5 million shortfall it projected in 2015.

Advertisement

“With automation and digital transformation changing business models, every sector is becoming a technology sector and will be affected by the cyber skills shortage,” said Tracey Malcolm, Willis Towers Watson’s Future of Work leader.

A cyber security shortfall has a range of implications for businesses, from increased vulnerability to cyber attacks to losing ground to competitors with sophisticated digital capabilities.

“New AI-supported processes, cloud-based databases hosted by third parties and the Internet of Things make it critical to have the right talent and processes in place to effectively mitigate risk and execute the demands of the business,” said RIMS board member Patrick Sterling, senior director, legendary people and risk management, Texas Roadhouse, describing AI as a “game-changer” for his business.

“Technological disruption is here and is not going away. With the speed of change, the last thing you want is a competitive advantage or money-saving technology sitting in the hopper waiting a long time for resources.”

The Need for More Women in Cyber

One of the biggest drivers of the skills gap is the under-representation of women in cyber security.

North America has the highest proportion of female cyber security talent of any global region, yet women are still hugely under-represented at just 14 percent (versus 48 percent) of the total workforce. Globally, that figure is just 11 percent.

According to the Global Information Security Workforce Study (GISWS), many women feel undervalued and discriminated against in the profession and earn less than men at every professional level.

Globally, men are four times more likely to be in a C-level cyber security position, four times more likely to be in executive management and nine times more likely to be in a managerial position, the study found.

“Companies must take swift and considerable actions to engage, develop and retain women in the field, or the global workforce gap will continue to grow year over year,” said the International Information Security Certification Consortium, or (ISC)²

Ethnic diversity is also key. According to a review of 180 publicly traded companies by McKinsey & Co, returns on equity were 53 percent higher on average for companies ranking in the top quartile of executive-board diversity than those in the bottom quartile.

Minority representation within the cyber security profession (26 percent) is slightly higher than the overall U.S. minority workforce (21 percent), however the majority are concentrated in non-management positions. Those in leadership roles are often more qualified than their peers, (ISC)² found.

Fixing the Cyber Security gap

According to Sterling, companies now have to be “laser focused” on inclusion and diversity: “It is a war for talent right now. If you don’t have a workplace where everyone can come to work and feel comfortable being their authentic best self, then you are behind in creating a culture that supports finding and retaining the best talent.”

Unconscious bias and cultural competency training is a good place to start, though it should be done by highly qualified trainers, Sterling explained.

Employers should also evaluate recruiting, hiring and retention practices to look for unintended barriers to improving workplace diversity, he said

“Rather than diversity and inclusion feeling punitive and compliance-driven, employees should be included in the positivity of building diverse teams. Bonuses for strategic referrals and hires are just one example.”

According to (ISC)², companies should implement mentorship, leadership and training programs, executive leadership programs and company-wide recognition programs and events to promote the advancement of diverse workforces.

“In order to be competitive today, you must have a highly talented IT leader who is passionate about creating a great workplace culture and knows how to recruit and cultivate great teams,” said Sterling.

Some companies are already laying the groundwork.

“We are seeing some companies being very proactive in building relationships with the cyber community and education organizations in order to boost the talent flow coming through,” said Malcolm.

“In order to be competitive today, you must have a highly talented IT leader who is passionate about creating a great workplace culture and knows how to recruit and cultivate great teams.” — Patrick Sterling, RIMS board member and risk management executive, Texas Roadhouse

One concern, she added, is that many HR departments still underestimate future cyber security talent needs.

“If you suddenly have a cyber breach and it’s all-hands-on-deck 24/7, you expect the cyber team to be there and respond, but what if 60 percent are permanent staff and 40 percent are contingent and contract?” she said.

“Your permanent cyber talent may be accessing supportive benefits like child care, but what about your contingent cyber talent? All of the talent you rely on should have a well-defined value proposition such as access to benefits programs.”

According to Malcolm, strategic workforce planning must be done frequently, regularly and proactively.

“HR sometimes keeps the cyber team at arm’s length, because its specific skillset and cyber people are plugged into other cyber people and often will be sourcing through their own networks or the security sector. However, HR needs to jump in and get active to support alternative recruitment approaches,” she said.

Advertisement

Cyber talent can be nurtured from a variety of backgrounds, including legal and law enforcement.

“It’s not all just tech engineers,” said Jason Hogg, CEO, Aon Cyber Solutions.

Compensation packages and perks for cyber professionals make retaining existing talent another key challenge. (ISC)²’s research found millennial workers are more likely to change employers than other generations, putting value in career development, training, professional certifications and association memberships.

Millennials want to be intellectually stimulated and they also want to be up-to-speed with technology, “so they need to have access to all the best and latest tools,” said Hogg.

“Home-growing talent is critical,” he said. Aon developed a cyber associate program onto which dozens of college graduates are onboarded each year, receiving mentorship and gaining practical experience.

Aon also introduced a formal mentoring and development program to nurture female cyber security talent.

“We have taken a strong stance on developing female leaders, and 42 percent of our current cyber associate class is female,” Hogg said. “You have to be systematic in how you attract, retain and develop talent, just as you do with managing risk.” &

Antony Ireland is a London-based financial journalist. He can be reached at [email protected]

Ask the average citizen what they think about the future of U.S. manufacturing, and you’re likely to hear bleak projections of companies shipping their operations offshore, or robots displacing human workers. Overall, the industry’s public image is fading at the edges — people perceive waning relevance and opportunity.

“But if you ask manufacturers what they think, the response is the exact opposite. U.S. manufacturers are actually quite enthused about the future,” said Seth Hedrington, Senior Vice President and General manager, National Insurance, West Division, Liberty Mutual Insurance. “It’s a very dynamic industry with new opportunities every day.”

Advancements in technology are changing the game in terms of capabilities, efficiency and agility.

“Automation and robotics enable smaller entities to produce at a smaller scale, which puts pressure on every player to become more efficient,” Hedrington said. But additional, less publicized

technology is also making a big impact. The Internet of Things, blockchain, and 3D printing, to name a few, are lowering barriers to entry and enabling companies to move into new markets more quickly.

Seth Hedrington, Senior Vice President and General Manager, National Insurance, West Division, Liberty Mutual Insurance

Thanks to these developments, technology is driving competition. However, its benefits are simultaneously counteracted by the challenge of keeping up with rapidly-changing consumer preferences, government regulation, and an ongoing labor shortage.

The result is an environment teeming with both opportunity and obstacles. “Manufacturers have to make changes to stay in the game, but that introduces new risks,” Hedrington said.

Here are five ways manufacturers are reacting to a newly competitive environment that may expose them to unforeseen risks:

1. Stretching an existing workforce to combat a shortage of qualified workers.

The inability to attract and retain workers remains a top challenge for manufacturers, in part because the nature of the skill set required is changing rapidly. Because technology plays such a significant role in front-line production processes, manufacturers need people who not only operate the machines, but also understand how they work.

“They need workers who are more adept with technology, and that’s harder to come by,” Hedrington said.

To increase capacity, companies are lengthening or adding shifts for their existing workforce, which increases the likelihood of fatigue and the risk of injury. While co-bots may reduce labor demands and mitigate safety risk over the long term, they too present short-term challenges.

“Introducing new machinery or even new workers creates unfamiliarity, and that initially increases safety risk,” Hedrington said.

These changes also have product liability implications. “When you extend shifts, you’re taxing the equipment as well as your workers,” Hedrington said. “That makes it more difficult to achieve a consistent level of product quality.”

Thanks to recent tariffs on key imports like aluminum and steel, raw materials are becoming more expensive. “Manufacturers are faced with some of the most extreme fluctuations in the cost of materials that we’ve seen in recent history,” Hedrington said.

To control costs, some companies are turning to suppliers from regions not impacted by the tariffs. But significant risks always accompany a change in trade relationships. Product defect liability is chief among them, but the risk of supply chain interruption is also an issue.

“If you’re working with alternate suppliers and relationships are not as established, the risk of interruption is greater,” Hedrington said. Failure to deliver products on time ultimately presents a reputational risk and threatens a manufacturer’s ability to keep their contracts.

Risk Management Steps:

Maintain relationships with previous suppliers.

Develop contingency plans and a network of backup suppliers.

Review contract language addressing liability for faulty materials.

3. Diversifying operations to become more nimble and fast-paced.

Technology makes it easier to stay connected anywhere in the world, and more manufacturers are taking advantage of that to open multiple locations across the U.S. and abroad.

“As companies start to feel pressured by the competitive environment, they’ll look for opportunities to manufacture in other parts of the world where regulatory hurdles and costs are smaller,” Hedrington said.

That, however, may increase exposure to intellectual property (IP) theft. While cyber breach happens everywhere, an international supply chain typically means a more expansive network, so the potential for infiltration and IP theft is greater. The ability to seek damages for IP theft occurring outside the U.S. can also be more challenging.

“A global network is a lot more difficult to manage—you need to regularly evaluate who has access, what they have access to, and make sure the access is secure,” Hedrington said. Limiting access to confidential information to specific groups or a specific location, like a U.S. headquarters, could help mitigate the exposure.

Risk Management Steps:

Add language to contracts that protect proprietary and IP rights.

Limit research and development to company headquarters.

Review internal IT protections.

4. Making facilities “smarter” to improve production and output.

More manufacturers are incorporating sensors and internet-enabled technology that allows machines to collect and share data and work together in an automated fashion. This ‘smart’ technology provides valuable insights into the efficiency of production processes.

“The risk associated with “smart” machinery is their interconnectivity,” Hedrington said. “Anytime you have that level of connectivity, you have an increased level of risk to cyber breach.” It’s also easier to make unintentional or unauthorized changes to product design and specifications or material thresholds, which could impact product quality and safety.

“Many manufacturers don’t perceive themselves as major targets for cyber-attack, but failing to appreciate and mitigate that exposure can result in significant losses. In addition to reviewing your internal IT safeguards, it’s critical to review your insurance options. If you’re not considering the benefits of insurance, that’s a significant missed opportunity to protect your business,” he said.

Risk Management Steps:

Update your cyber policy to include both first- and third-party coverage.

Manufacturers in a variety of consumer product segments, from razors and eyeglasses to mattresses and sneakers, are increasingly exploring direct to consumer models that cut out the middle man. While few manufacturers are abandoning their traditional distribution outlets all together, they are considering e-commerce and even brick-and mortar locations of their own.

In addition to increased efficiencies, this format allows manufacturers more control over the customer experience and a bigger share of the profits.

“Going direct-to-consumer is another way to beat out competitors,” Hedrington said. “Technology and the connectivity of everything has helped open up new distribution avenues.”

It also, however, confers liabilities to the manufacturer that the middle-men normally accept, such as product and safety liability for proper packaging and labeling, as well as other operational risks that come with running a storefront, including workers’ compensation, cyber, property and general liability exposures.

Risk Management Steps:

Don’t completely shut down traditional distribution channels.

Ensure you have the skills to manage operational risks of direct distribution.

Build a cross-functional team to build a thorough risk management plan.

Your Insurer’s Experience and Expertise Matter

Manufacturing represents one of the largest business segments that Liberty Mutual serves, and teams across the organization have specialized expertise in the unique challenges facing this evolving sector.

Liberty insures a wide variety of manufacturers, wants to write more, and has the products to address the industry’s specific exposures. The company can offer a holistic solution that includes core property & casualty, as well as cyber, D&O, and environmental lines through Ironshore, a Liberty Mutual company.

“Liberty Mutual is entrenched in the risk management practices of the manufacturing industry. Our risk control professionals participate in many boards and committees that create standards to improve equipment, product, and employee safety. Additionally, our Industry Solutions and Product Management teams have a deep understanding of the manufacturing industry and help customers stay ahead of emerging risks,” Hedrington said.

In addition, Liberty’s claims handlers have the experience, capabilities, and knowledge to deliver quality outcomes so manufacturers can rebound from losses as quickly as possible.

“Our commitment to this space manifests itself in many ways, and that will hold true as U.S. manufacturing continues to evolve,” Hedrington said.

This article was produced by the R&I Brand Studio, a unit of the advertising department of Risk & Insurance, in collaboration with Liberty Mutual Insurance. The editorial staff of Risk & Insurance had no role in its preparation.

Cookies

We use cookies to ensure we give you the best experience on our site. By continuing to use our site without changing your settings, you're agreeing to our cookie policy. Click to view our cookie policy.